Redshift Publicly Accessible
- Query id: af173fde-95ea-4584-b904-bb3923ac4bda
- Query name: Redshift Publicly Accessible
- Platform: Terraform
- Severity: High
- Category: Insecure Configurations
- CWE: 668
- URL: Github
Description¶
AWS Redshift Clusters must not be publicly accessible. Check if 'publicly_accessible' field is true or undefined (default is true)
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - tf file
resource "aws_redshift_cluster" "positive1" {
cluster_identifier = "tf-redshift-cluster"
database_name = "mydb"
master_username = "foo"
master_password = "Mustbe8characters"
node_type = "dc1.large"
cluster_type = "single-node"
}
resource "aws_redshift_cluster" "positive2" {
cluster_identifier = "tf-redshift-cluster"
database_name = "mydb"
master_username = "foo"
master_password = "Mustbe8characters"
node_type = "dc1.large"
cluster_type = "single-node"
publicly_accessible = true
}